© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

CS0-003 Vulnerability Management: Complete Question Bank

CS0-003 Vulnerability Management: All Questions With Answers

Complete CS0-003 Vulnerability Management question bank with answers and detailed explanations. 149 questions. Free, no signup.

Question 1 (medium, multi select)

A vulnerability manager is prioritizing remediation. Which factors should influence risk-based priority? (Choose three.)

Question 2 (medium, multi select)

Which conditions should push a vulnerability higher in the remediation queue? (Choose three.)

Question 3 (hard, multi select)

A scanner reports a critical issue on a network device. Which steps help validate the finding before closure? (Choose two.)

Question 4 (medium, multi select)

Which items belong in a vulnerability exception request? (Choose three.)

Question 5 (hard, multi select)

A web application DAST scan reports stored XSS. Which evidence helps confirm exploitability? (Choose two.)

Question 6 (medium, multi select)

Which pipeline controls help prevent vulnerable dependencies reaching production? (Choose two.)

Question 7 (hard, multi select)

A vulnerability appears critical but the vulnerable feature is disabled. What should the analyst document before downgrading? (Choose two.)

Question 8 (medium, multi select)

A vulnerability manager wants accurate Linux package findings. Which scan conditions are important? (Choose two.)

Question 9 (hard, multi select)

An emergency patch may break a revenue-critical system. Which actions balance risk and availability? (Choose two.)

Question 10 (medium, multi select)

Which findings should be included when reporting remediation performance to asset owners? (Choose two.)

Question 11 (hard, multi select)

A vulnerability scan of a segmented OT network must avoid disrupting fragile devices. Which controls are appropriate? (Choose two.)

Question 12 (medium, multi select)

Which sources improve asset criticality context for vulnerability prioritization? (Choose two.)

Question 13 (hard, multi select)

A cloud security posture tool reports public access on object storage. Which follow-up checks matter? (Choose two.)

Question 14 (medium, multi select)

Which measures help reduce recurring vulnerabilities from unsupported software? (Choose two.)

Question 15 (hard, multi select)

An application has a high CVSS vulnerability, but a WAF rule blocks known exploit payloads. What should the team still do? (Choose two.)

Question 16 (easy, multiple choice)

A vulnerability scan identifies a critical unauthenticated remote-code-execution flaw on an internet-facing VPN appliance that is actively exploited in the wild. Several internal-only medium vulnerabilities are also present. What should be remediated first? For validation, which action should be taken before closing or downgrading the finding?

Question 17 (medium, multiple choice)

A scan of Windows servers reports few findings, but the scanner used no credentials. The security manager suspects missing patch data. What should be changed? For control selection, which control best addresses the stated weakness without hiding risk?

Question 18 (hard, multiple choice)

A scanner flags TLS 1.0 on a server, but the service owner says TLS 1.0 is disabled. What is the BEST validation method? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 19 (easy, multiple choice)

A CI pipeline blocks a container image because the base layer contains a critical OpenSSL CVE. The application team says the vulnerable binary is not used. What is the BEST next step? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 20 (medium, multiple choice)

A cloud posture scan finds a storage bucket with public read access containing customer exports. What should the team do first? For business prioritization, which recommendation gives the best risk-based order of work?

Question 21 (hard, multiple choice)

A vulnerability report has 900 findings. One medium CVSS vulnerability is listed in CISA KEV and has high EPSS; several high CVSS issues are not exploitable in the environment. What should the analyst recommend? For validation, which action should be taken before closing or downgrading the finding?

Question 22 (easy, multiple choice)

Two servers have the same critical vulnerability. One hosts a public payment API; the other is a lab server isolated from production. What changes the remediation priority? For control selection, which control best addresses the stated weakness without hiding risk?

Question 23 (medium, multiple choice)

A legacy system cannot be patched because the vendor no longer supports the application. What should the vulnerability manager request? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 24 (hard, multiple choice)

A development team wants to find vulnerable open-source libraries before deployment. Which control best fits this stage? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 25 (easy, multiple choice)

A DAST scan cannot reach authenticated pages of a web application and reports only public content findings. What should be configured? For business prioritization, which recommendation gives the best risk-based order of work?

Question 26 (medium, multiple choice)

A CVSS 9.8 vulnerability affects an internal service reachable only from a restricted admin subnet. Which additional analysis is most useful? For validation, which action should be taken before closing or downgrading the finding?

Question 27 (hard, multi select)

A team requests a patch exception for a legacy application. What should be required? (Choose two.)

Question 28 (easy, multiple choice)

A supplier provides a software product used in a regulated environment. The security team wants visibility into included libraries and versions. What should they request? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 29 (medium, multiple choice)

A business unit accepts the risk of delaying a patch because downtime would breach a contractual deadline. What should be updated? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 30 (hard, multiple choice)

A credentialed Linux scan fails on several hosts after SSH hardening. What is the BEST next step? For business prioritization, which recommendation gives the best risk-based order of work?

Question 31 (easy, multiple choice)

A vulnerability scan identifies a critical unauthenticated remote-code-execution flaw on an internet-facing VPN appliance that is actively exploited in the wild. Several internal-only medium vulnerabilities are also present. What should be remediated first? For control selection, which control best addresses the stated weakness without hiding risk?

Question 32 (medium, multiple choice)

A scan of Windows servers reports few findings, but the scanner used no credentials. The security manager suspects missing patch data. What should be changed? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 33 (hard, multiple choice)

A scanner flags TLS 1.0 on a server, but the service owner says TLS 1.0 is disabled. What is the BEST validation method? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 34 (easy, multiple choice)

A CI pipeline blocks a container image because the base layer contains a critical OpenSSL CVE. The application team says the vulnerable binary is not used. What is the BEST next step? For business prioritization, which recommendation gives the best risk-based order of work?

Question 35 (medium, multiple choice)

A cloud posture scan finds a storage bucket with public read access containing customer exports. What should the team do first? For validation, which action should be taken before closing or downgrading the finding?

Question 36 (hard, multiple choice)

A vulnerability report has 900 findings. One medium CVSS vulnerability is listed in CISA KEV and has high EPSS; several high CVSS issues are not exploitable in the environment. What should the analyst recommend? For control selection, which control best addresses the stated weakness without hiding risk?

Question 37 (easy, multiple choice)

Two servers have the same critical vulnerability. One hosts a public payment API; the other is a lab server isolated from production. What changes the remediation priority? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 38 (medium, multiple choice)

A legacy system cannot be patched because the vendor no longer supports the application. What should the vulnerability manager request? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 39 (hard, multiple choice)

A development team wants to find vulnerable open-source libraries before deployment. Which control best fits this stage? For business prioritization, which recommendation gives the best risk-based order of work?

Question 40 (easy, multiple choice)

A DAST scan cannot reach authenticated pages of a web application and reports only public content findings. What should be configured? For validation, which action should be taken before closing or downgrading the finding?

Question 41 (medium, multiple choice)

A CVSS 9.8 vulnerability affects an internal service reachable only from a restricted admin subnet. Which additional analysis is most useful? For control selection, which control best addresses the stated weakness without hiding risk?

Question 42 (hard, multiple choice)

A team says a critical vulnerability was patched. What should the vulnerability manager require before closure? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 43 (easy, multiple choice)

A supplier provides a software product used in a regulated environment. The security team wants visibility into included libraries and versions. What should they request? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 44 (medium, multiple choice)

A business unit accepts the risk of delaying a patch because downtime would breach a contractual deadline. What should be updated? For business prioritization, which recommendation gives the best risk-based order of work?

Question 45 (hard, multiple choice)

A credentialed Linux scan fails on several hosts after SSH hardening. What is the BEST next step? For validation, which action should be taken before closing or downgrading the finding?

Question 46 (easy, multiple choice)

A vulnerability scan identifies a critical unauthenticated remote-code-execution flaw on an internet-facing VPN appliance that is actively exploited in the wild. Several internal-only medium vulnerabilities are also present. What should be remediated first? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 47 (medium, multiple choice)

A scan of Windows servers reports few findings, but the scanner used no credentials. The security manager suspects missing patch data. What should be changed? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 48 (hard, multiple choice)

A scanner flags TLS 1.0 on a server, but the service owner says TLS 1.0 is disabled. What is the BEST validation method? For business prioritization, which recommendation gives the best risk-based order of work?

Question 49 (easy, multiple choice)

A CI pipeline blocks a container image because the base layer contains a critical OpenSSL CVE. The application team says the vulnerable binary is not used. What is the BEST next step? For validation, which action should be taken before closing or downgrading the finding?

Question 50 (medium, multiple choice)

A cloud posture scan finds a storage bucket with public read access containing customer exports. What should the team do first? For control selection, which control best addresses the stated weakness without hiding risk?

Question 51 (hard, multiple choice)

A vulnerability report has 900 findings. One medium CVSS vulnerability is listed in CISA KEV and has high EPSS; several high CVSS issues are not exploitable in the environment. What should the analyst recommend? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 52 (easy, multiple choice)

Two servers have the same critical vulnerability. One hosts a public payment API; the other is a lab server isolated from production. What changes the remediation priority? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 53 (medium, multiple choice)

A legacy system cannot be patched because the vendor no longer supports the application. What should the vulnerability manager request? For business prioritization, which recommendation gives the best risk-based order of work?

Question 54 (hard, multiple choice)

A development team wants to find vulnerable open-source libraries before deployment. Which control best fits this stage? For validation, which action should be taken before closing or downgrading the finding?

Question 55 (easy, multiple choice)

A DAST scan cannot reach authenticated pages of a web application and reports only public content findings. What should be configured? For control selection, which control best addresses the stated weakness without hiding risk?

Question 56 (medium, multiple choice)

A CVSS 9.8 vulnerability affects an internal service reachable only from a restricted admin subnet. Which additional analysis is most useful? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 57 (hard, multiple choice)

A team says a critical vulnerability was patched. What should the vulnerability manager require before closure? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 58 (easy, multiple choice)

A supplier provides a software product used in a regulated environment. The security team wants visibility into included libraries and versions. What should they request? For business prioritization, which recommendation gives the best risk-based order of work?

Question 59 (medium, multiple choice)

A business unit accepts the risk of delaying a patch because downtime would breach a contractual deadline. What should be updated? For validation, which action should be taken before closing or downgrading the finding?

Question 60 (hard, multiple choice)

A credentialed Linux scan fails on several hosts after SSH hardening. What is the BEST next step? For control selection, which control best addresses the stated weakness without hiding risk?

Question 61 (easy, multiple choice)

A vulnerability scan identifies a critical unauthenticated remote-code-execution flaw on an internet-facing VPN appliance that is actively exploited in the wild. Several internal-only medium vulnerabilities are also present. What should be remediated first? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 62 (medium, multiple choice)

A scan of Windows servers reports few findings, but the scanner used no credentials. The security manager suspects missing patch data. What should be changed? For business prioritization, which recommendation gives the best risk-based order of work?

Question 63 (hard, multiple choice)

A scanner flags TLS 1.0 on a server, but the service owner says TLS 1.0 is disabled. What is the BEST validation method? For validation, which action should be taken before closing or downgrading the finding?

Question 64 (easy, multiple choice)

A CI pipeline blocks a container image because the base layer contains a critical OpenSSL CVE. The application team says the vulnerable binary is not used. What is the BEST next step? For control selection, which control best addresses the stated weakness without hiding risk?

Question 65 (medium, multiple choice)

A cloud posture scan finds a storage bucket with public read access containing customer exports. What should the team do first? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 66 (hard, multiple choice)

A vulnerability report has 900 findings. One medium CVSS vulnerability is listed in CISA KEV and has high EPSS; several high CVSS issues are not exploitable in the environment. What should the analyst recommend? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 67 (easy, multiple choice)

Two servers have the same critical vulnerability. One hosts a public payment API; the other is a lab server isolated from production. What changes the remediation priority? For business prioritization, which recommendation gives the best risk-based order of work?

Question 68 (medium, multiple choice)

A legacy system cannot be patched because the vendor no longer supports the application. What should the vulnerability manager request? For validation, which action should be taken before closing or downgrading the finding?

Question 69 (hard, multiple choice)

A development team wants to find vulnerable open-source libraries before deployment. Which control best fits this stage? For control selection, which control best addresses the stated weakness without hiding risk?

Question 70 (easy, multiple choice)

A DAST scan cannot reach authenticated pages of a web application and reports only public content findings. What should be configured? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 71 (medium, multiple choice)

A CVSS 9.8 vulnerability affects an internal service reachable only from a restricted admin subnet. Which additional analysis is most useful? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 72 (hard, multiple choice)

A team says a critical vulnerability was patched. What should the vulnerability manager require before closure? For business prioritization, which recommendation gives the best risk-based order of work?

Question 73 (easy, multiple choice)

A supplier provides a software product used in a regulated environment. The security team wants visibility into included libraries and versions. What should they request? For validation, which action should be taken before closing or downgrading the finding?

Question 74 (medium, multiple choice)

A business unit accepts the risk of delaying a patch because downtime would breach a contractual deadline. What should be updated? For control selection, which control best addresses the stated weakness without hiding risk?

Question 75 (hard, multiple choice)

A credentialed Linux scan fails on several hosts after SSH hardening. What is the BEST next step? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 76 (easy, multiple choice)

A vulnerability scan identifies a critical unauthenticated remote-code-execution flaw on an internet-facing VPN appliance that is actively exploited in the wild. Several internal-only medium vulnerabilities are also present. What should be remediated first? For business prioritization, which recommendation gives the best risk-based order of work?

Question 77 (medium, multiple choice)

A scan of Windows servers reports few findings, but the scanner used no credentials. The security manager suspects missing patch data. What should be changed? For validation, which action should be taken before closing or downgrading the finding?

Question 78 (hard, multiple choice)

A scanner flags TLS 1.0 on a server, but the service owner says TLS 1.0 is disabled. What is the BEST validation method? For control selection, which control best addresses the stated weakness without hiding risk?

Question 79 (easy, multiple choice)

A CI pipeline blocks a container image because the base layer contains a critical OpenSSL CVE. The application team says the vulnerable binary is not used. What is the BEST next step? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 80 (medium, multiple choice)

A cloud posture scan finds a storage bucket with public read access containing customer exports. What should the team do first? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 81 (hard, multiple choice)

A vulnerability report has 900 findings. One medium CVSS vulnerability is listed in CISA KEV and has high EPSS; several high CVSS issues are not exploitable in the environment. What should the analyst recommend? For business prioritization, which recommendation gives the best risk-based order of work?

Question 82 (easy, multiple choice)

Two servers have the same critical vulnerability. One hosts a public payment API; the other is a lab server isolated from production. What changes the remediation priority? For validation, which action should be taken before closing or downgrading the finding?

Question 83 (medium, multiple choice)

A legacy system cannot be patched because the vendor no longer supports the application. What should the vulnerability manager request? For control selection, which control best addresses the stated weakness without hiding risk?

Question 84 (hard, multiple choice)

A development team wants to find vulnerable open-source libraries before deployment. Which control best fits this stage? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 85 (easy, multiple choice)

A DAST scan cannot reach authenticated pages of a web application and reports only public content findings. What should be configured? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 86 (medium, multiple choice)

A CVSS 9.8 vulnerability affects an internal service reachable only from a restricted admin subnet. Which additional analysis is most useful? For business prioritization, which recommendation gives the best risk-based order of work?

Question 87 (hard, multiple choice)

A team says a critical vulnerability was patched. What should the vulnerability manager require before closure? For validation, which action should be taken before closing or downgrading the finding?

Question 88 (easy, multiple choice)

A supplier provides a software product used in a regulated environment. The security team wants visibility into included libraries and versions. What should they request? For control selection, which control best addresses the stated weakness without hiding risk?

Question 89 (medium, multiple choice)

A business unit accepts the risk of delaying a patch because downtime would breach a contractual deadline. What should be updated? For stakeholder management, which documentation or approval is required to keep the programme defensible?

Question 90 (hard, multiple choice)

A credentialed Linux scan fails on several hosts after SSH hardening. What is the BEST next step? For tool configuration, which scanner or pipeline change most directly improves result quality?

Question 91 (medium, multi select)

Which three of the following are key considerations when implementing a vulnerability management lifecycle in an enterprise environment? (Choose three.)

Question 92 (medium, multi select)

Which three of the following are common challenges when conducting authenticated vulnerability scans in a large, heterogeneous network? (Choose three.)

Question 93 (medium, multi select)

Which three of the following are effective techniques for prioritizing vulnerabilities for remediation in a vulnerability management program? (Choose three.)

Question 94 (medium, multi select)

Which three of the following are best practices for integrating vulnerability scanning into a continuous integration/continuous deployment (CI/CD) pipeline? (Choose three.)

Question 95 (medium, multi select)

A security analyst is reviewing the results of a recent vulnerability scan. The analyst needs to prioritize remediation efforts effectively. Which four of the following factors should the analyst consider when prioritizing vulnerabilities? (Choose four.)

Question 96 (medium, drag order)

Order the steps to perform a vulnerability scan using a tool like Nessus.

Question 97 (medium, drag order)

Order the steps for a typical patch management process.

Question 98 (medium, drag order)

Order the steps for deploying a new security patch to a production environment.

Question 99mediummatching
Read the full Vulnerability Management explanation →

Match each log type to its typical source.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Windows Event Log (Security)

Linux/Unix system messages

Web server (e.g., Apache, IIS)

Database or application activity

Network firewall traffic records

Question 100mediummatching
Read the full Vulnerability Management explanation →

Match each attack type to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Deceptive email to steal credentials

Malware that encrypts data for ransom

Overwhelming a service with traffic

Injecting malicious SQL queries

Intercepting communication between parties

Question 101 (medium, matching)

Match each analysis technique to its description.

Matches known patterns

Identifies deviations from baseline

Uses rules to detect suspicious behavior

Monitors actions over time

Applies mathematical models

Question 102 (easy, multiple choice)

A security analyst is reviewing vulnerability scan results and notices that several critical vulnerabilities have been reported on the same web server for three consecutive months. The server owner states that the patches cannot be applied due to application compatibility issues. Which of the following is the BEST course of action?

Question 103 (medium, multiple choice)

During a vulnerability assessment, a security analyst discovers that a network device is running an outdated firmware version with known exploits. The device is critical to production and cannot be rebooted during business hours. Which of the following is the BEST approach to remediate this vulnerability?

Question 104 (hard, multiple choice)

A security analyst is prioritizing vulnerabilities for remediation. The following vulnerabilities have been identified:

Vulnerability A: CVSS v3.1 Base Score 9.8 (Critical), no known exploit, affects internet-facing web server. Vulnerability B: CVSS v3.1 Base Score 7.5 (High), exploit available, affects internal database server. Vulnerability C: CVSS v3.1 Base Score 6.1 (Medium), exploit available, affects internal file server. Vulnerability D: CVSS v3.1 Base Score 4.0 (Medium), no known exploit, affects internal workstation.

Which vulnerability should be remediated FIRST?

Question 105 (easy, multiple choice)

A security analyst has identified a large number of false positives in a vulnerability scan report. Which of the following is the BEST way to reduce false positives in future scans?

Question 106 (medium, multiple choice)

A company has implemented a vulnerability management program. The security team needs to ensure that all critical vulnerabilities are remediated within 30 days. Which of the following metrics would BEST measure the effectiveness of this goal?

Question 107 (hard, multiple choice)

A security analyst is reviewing the output of a vulnerability scan and notices that a critical vulnerability on a Linux server has been reported as 'Confirmed' by the scanner. The analyst checks the system and finds that the actual vulnerability does not exist because a kernel upgrade was applied via a yum update but the scanner did not detect the change. Which of the following is the MOST likely cause?

Question 108 (easy, multiple choice)

A security analyst is conducting a vulnerability assessment of a web application. The assessment reveals that the application is vulnerable to SQL injection. Which of the following is the MOST effective remediation?

Question 109 (medium, multiple choice)

An organization uses automated patch management for workstations but manual patching for servers. After a critical vulnerability is announced, the security team wants to expedite patching for servers. Which of the following is the BEST approach?

Question 110 (hard, multiple choice)

During a vulnerability scan, the scanner reports a high number of open ports on a server that is supposed to be a hardened web server. The analyst investigates and finds that the server is running unnecessary services. Which of the following is the MOST effective long-term solution?

Question 111 (medium, multi select)

A security analyst is prioritizing vulnerabilities for remediation. Which TWO factors should be considered HIGHEST when determining prioritization? (Choose two.)

Question 112 (hard, multi select)

A security analyst has identified a critical vulnerability that affects multiple systems. The analyst needs to report the vulnerability to management. Which THREE elements should be included in the vulnerability report? (Choose three.)

Question 113 (hard, multi select)

A vulnerability assessment has identified multiple issues. Which THREE actions are appropriate steps in the remediation process? (Choose three.)

Question 114 (medium, multiple choice)

A security analyst discovers a server that is missing multiple critical patches. The server hosts a legacy application that cannot be patched immediately due to compatibility issues. Which of the following is the BEST approach to manage the vulnerability risk?

Question 115 (easy, multiple choice)

A vulnerability scan report shows a critical vulnerability on a web server with a CVSS score of 9.8. The IT manager wants to know the risk to the organization. Which of the following factors should the analyst consider FIRST?

Question 116 (hard, multiple choice)

During a penetration test, an analyst successfully exploits a privilege escalation vulnerability to gain root access on a Linux server. The server is used for application development. Which of the following remediation actions would be MOST effective in preventing similar attacks?

Question 117 (medium, multiple choice)

A vulnerability scanner reports that an internal web application is vulnerable to SQL injection. The development team says they fixed it by input sanitization. Which of the following should the analyst do FIRST?

Question 118 (easy, multiple choice)

A company has a policy to remediate vulnerabilities within 30 days. A critical vulnerability is discovered on a database server. The patch requires a reboot, and the database cannot be taken offline during business hours. Which of the following is the BEST approach?

Question 119 (hard, multiple choice)

A vulnerability assessment identifies that an external-facing server has an outdated TLS version configured. The server supports TLS 1.0 and SSL 3.0. Which of the following is the MOST secure configuration change?

Question 120 (medium, multiple choice)

An analyst is reviewing scan results and finds that a critical vulnerability is present on 50 workstations. The vendor has released a patch, but the IT team is concerned about potential compatibility issues. Which of the following should the analyst recommend?

Question 121 (easy, multiple choice)

Which of the following is the BEST method to prioritize vulnerabilities for remediation?

Question 122 (hard, multiple choice)

A security analyst is reviewing a report from an authenticated vulnerability scan of a Windows domain controller. The report indicates multiple critical vulnerabilities related to Active Directory. The system administrator claims the patches have been applied. Which of the following is the MOST likely cause of the discrepancy?

Question 123 (medium, multi select)

Which TWO of the following are best practices for vulnerability scanning in a PCI DSS compliant environment? (Select TWO)

Question 124 (hard, multi select)

A security analyst is prioritizing vulnerabilities from a scan. Which TWO factors should be considered to determine the remediation priority? (Select TWO)

Question 125 (easy, multi select)

Which THREE of the following are common challenges in vulnerability management? (Select THREE)

Question 126 (medium, multiple choice)

An analyst runs an external vulnerability scan and receives the output shown in the exhibit. Which of the following should be the analyst's primary concern?

Exhibit

Refer to the exhibit.

Port     State    Service
22/tcp   open     ssh
80/tcp   open     http
443/tcp  open     https
3389/tcp filtered ms-wbt-server
Question 127 (easy, multiple choice)

The analyst sees this alert from a vulnerability scanner. What is the MOST immediate action?

Exhibit

Refer to the exhibit.

[alert] (1:1000001) Critical vulnerability: CVE-2024-1234
Severity: High
CVSS: 8.5
Affected: web01.example.com (port 443)
Solution: Upgrade to version 2.3.4
Question 128 (hard, multiple choice)

A security analyst reviews this S3 bucket policy. Which vulnerability is present?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::company-data/*"
    }
  ]
}
Question 129 (easy, multiple choice)

A security analyst is reviewing vulnerability scan results and sees a critical vulnerability on a web server with a CVSS score of 9.8. The server is a legacy system that cannot be patched without causing application downtime. The business requires the application to remain available. Which of the following is the BEST course of action?

Question 130 (hard, multiple choice)

A vulnerability management team uses OpenVAS to scan a network of 500 hosts weekly. The scans are causing network congestion and generating false positives. Which of the following would BEST reduce the impact while maintaining effective vulnerability detection?

Question 131 (medium, multiple choice)

A company wants to prioritize vulnerabilities based on exploitability and impact. Which industry standard framework should the analyst use?

Question 132 (medium, multiple choice)

During a vulnerability scan, an analyst discovers a high-severity vulnerability on a critical database server. The server is in production and cannot be taken offline. The vendor has released a patch but requires a reboot. Which of the following should the analyst recommend FIRST?

Question 133 (easy, multiple choice)

An organization performs quarterly vulnerability scans of its internal network. The scans have a high number of false positives for out-of-date software that is actually up to date. Which of the following would BEST improve the accuracy of the scans?

Question 134 (hard, multiple choice)

A security analyst is tasked with performing a risk assessment for a new web application. The application will handle sensitive customer data. Which of the following should the analyst do FIRST to identify vulnerabilities specific to the application?

Question 135 (easy, multiple choice)

A company wants to automate the deployment of security patches to endpoints. Which of the following tools would BEST support this requirement?

Question 136 (medium, multiple choice)

A security analyst is configuring a vulnerability scan for a demilitarized zone (DMZ) containing public-facing web servers. The analyst wants to minimize the risk of causing a denial-of-service condition on the servers. Which of the following scan settings should be configured?

Question 137 (medium, multi select)

A vulnerability management analyst is reviewing the results of an authenticated scan. The analyst identifies several medium-severity vulnerabilities that have been present for over a year. Which of the following are the best actions to take? (Choose two.)

Question 138 (hard, multi select)

A security analyst is prioritizing vulnerabilities for remediation. The analyst has the following information: a vulnerability with a CVSS score of 9.0 that affects a public-facing web server, and a vulnerability with a CVSS score of 7.5 that affects an internal database server with sensitive data. Which two factors should the analyst consider when prioritizing? (Choose two.)

Question 139 (easy, multi select)

A company is implementing a vulnerability management program. Which of the following are essential components of a vulnerability management lifecycle? (Choose three.)

Question 140 (hard, multiple choice)

Based on the scan output, which vulnerability should be prioritized first for remediation?

Network Topology
Refer to the exhibit.

$ nmap -sV --script vulners
Nmap scan report for 10.0.1.50
Host is up (0.0012s latency).
PORT   STATE SERVICE VERSION
| vulners:
|   cpe:/a:openbsd:openssh:8.0:
|   CVE-2020-15778  9.8  https://vulners.com/cve/CVE-2020-15778
|   CVE-2019-16905  7.5  https://vulners.com/cve/CVE-2019-16905
|_  CVE-2020-12060  5.3  https://vulners.com/cve/CVE-2020-12060
Question 141 (hard, multiple choice)

Your organization has deployed a new web application on a Linux server. The application uses a custom database port (TCP 3307). During a routine vulnerability scan, the scanner reports a critical vulnerability: 'MySQL Server - Unrestricted File Upload (CVE-20XX-XXXX)'. The system administrator confirms that MySQL is not installed; the custom database uses PostgreSQL on port 3307. The scanner likely misidentified the service due to port-based fingerprinting. On further investigation, you find that the scanner's fingerprinting database has an incorrect mapping for port 3307. The PostgreSQL version is current and fully patched. The environment is production and cannot be disrupted. Which of the following is the BEST action to take?

Question 142 (medium, multiple choice)

A security analyst at a financial institution is responsible for vulnerability management. The company has a policy that all critical vulnerabilities must be remediated within 72 hours. The weekly vulnerability scan identifies a critical vulnerability on a file server that hosts sensitive customer data. The vulnerability is a remote code execution in the operating system. The server is running a legacy OS that is no longer supported by the vendor. The system owner states that the application on the server cannot be migrated to a newer OS for at least six months. The server cannot be taken offline because it is used by the compliance team for daily audits. Which of the following should the analyst recommend to best address the risk?

Question 143 (easy, multiple choice)

A penetration testing team has completed an internal assessment and provided a report with several high-risk findings. One finding indicates that a web application is vulnerable to SQL injection. The application is used by external customers to submit orders. The development team has reviewed the finding and states that it will take three weeks to fix the code and deploy a patch. The security operations center (SOC) has observed increased scanning activity targeting the application's IP address from external sources. The company's risk tolerance for web application vulnerabilities is low. Which of the following should the analyst recommend as the immediate next step?

Question 144 (easy, multi select)

A security analyst is reviewing a vulnerability scan report and must prioritize remediation efforts. Which TWO factors are most important for prioritizing vulnerability remediation?

Question 145 (medium, multiple choice)

A company uses a mix of Windows and Linux servers. The vulnerability scanner reports a critical remote code execution vulnerability in Apache Struts (CVE-2017-5638) on a web server located in the DMZ. This server is behind a load balancer with an identical twin server that does not appear vulnerable. The security team needs to implement immediate remediation while minimizing downtime. What should the analyst do?

Question 146 (hard, multiple choice)

A large enterprise uses a vulnerability management platform that integrates with Active Directory and a configuration management database (CMDB). During a quarterly scan, a critical vulnerability (CVE-2021-44228) is detected on a legacy application server running an end-of-life (EOL) version of Java. The server supports a critical business process and cannot be upgraded or patched because the vendor no longer provides updates. The analyst must reduce the risk to an acceptable level. What is the best approach?

Question 147 (medium, multi select)

A security analyst is reviewing the results of a vulnerability scan. The scan identified several critical vulnerabilities on a web server that were previously reported three months ago. Which TWO actions should the analyst take to improve the vulnerability management process?

Question 148 (hard, multiple choice)

Based on the exhibit, which vulnerability should the analyst prioritize for remediation?

Exhibit

Refer to the exhibit.

Nmap scan report for 10.10.10.15
Host is up (0.0012s latency).
Not shown: 995 closed ports
PORT     STATE    SERVICE      VERSION
22/tcp   open     ssh          OpenSSH 7.4 (protocol 2.0)
80/tcp   open     http         Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips)
443/tcp  open     ssl/http     Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips)
3306/tcp open     mysql        MySQL 5.5.62
8080/tcp open     http-proxy   Squid http proxy 3.5.20

Service Info: OS: Linux
Question 149 (easy, multiple choice)

A mid-sized e-commerce company uses a multi-cloud environment with AWS and Azure. The vulnerability management team performs monthly authenticated scans using a commercial scanner. During the last scan, a critical remote code execution vulnerability (CVE-2023-XXXX) was identified on an EC2 instance running a legacy application. The application owner states that the instance cannot be patched immediately because the patch would break compatibility with a third-party API. The instance has direct internet access and handles PCI data. The CISO wants to reduce risk to an acceptable level within 48 hours. Which course of action should the analyst recommend?
